'\" t
.\"     Title: IPSEC_VERIFY
.\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\"      Date: 10/06/2010
.\"    Manual: [FIXME: manual]
.\"    Source: [FIXME: source]
.\"  Language: English
.\"
.TH "IPSEC_VERIFY" "8" "10/06/2010" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ipsec_verify \- see if FreeSWAN has been installed correctly
.SH "SYNOPSIS"
.HP \w'\fBipsec\fR\ 'u
\fBipsec\fR \fIverify\fR [\-\-host\ \fIname\fR]
.SH "DESCRIPTION"
.PP
Invoked without argument,
\fIverify\fR
examines the local system for a number of common system faults: IPsec not in path, no secrets file generated, pluto not running, and IPsec support not present in kernel (or IPsec module not loaded)\&. If two or more interfaces are found, it performs checks relevant on an IPsec gateway: whether IP forwarding is allowed, and if so, whether MASQ or NAT rules are in play\&.
.PP
In addition,
\fIverify\fR
performs checks relevant to Opportunistic Encryption\&. It looks in forward DNS for a TXT record for the system\'s hostname, and in reverse DNS for a TXT record for the system\'s IP addresses\&. It checks whether the system has a public IP\&.
.PP
The
\fB\-\-host\fR
option causes
\fBverify\fR
to look for a TXT record for
\fIname\fR
in forward and reverse DNS\&.
.SH "FILES"
.sp
.if n \{\
.RS 4
.\}
.nf
/proc/net/ipsec_eroute
/etc/ipsec\&.secrets
.fi
.if n \{\
.RE
.\}
.SH "HISTORY"
.PP
Written for the Linux FreeS/WAN project <\m[blue]\fBhttp://www\&.freeswan\&.org\fR\m[]> by Michael Richardson\&.
.SH "BUGS"
.PP
\fIVerify\fR
does not check for
\fBipchains\fR
masquerading\&.
.PP
\fIVerify\fR
does not look for TXT records for Opportunistic clients behind the system\&.
